[tor-bugs] #10065 [Tor bundles/installation]: Improve Hardening for TBB3.0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 29 01:16:19 UTC 2013
#10065: Improve Hardening for TBB3.0
------------------------------------------+-----------------------------
Reporter: mikeperry | Owner: erinn
Type: defect | Status: accepted
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords: tbb-3.0, gitian
Actual Points: | Parent ID:
Points: |
------------------------------------------+-----------------------------
Comment (by erinn):
I played around with this a bit today and here is a tiny bit of progress
and some rabid fangirling of objdump.
I enabled ASLR and DEP for tor.exe and libevent (nothing else
automatically picks up LDFLAGS, so I need to look into that) and so far
nothing is crashing for me on Win7.
Relatedly, I've been using objdump lately to look at the results of builds
from #9444 and decided to see if it's possible to glean information about
ASLR and DEP from the Windows binaries without having to check them in
ProcessHacker or some other Windows app. For DLLs and EXEs (both PE),
there is something called DllCharacteristics in the header which will tell
you which, if any, of those are enabled. For ASLR it is 0x40 and for DEP
it's 0x100, so all of our DLLs and EXEs should be showing something like:
{{{DllCharacteristics 00000140}}}. The main reason this is cool is that
you can use objdump from Linux to investigate this, you don't need to use
some Microsoft tool, and it can be automated post-build as a QA measure to
make sure nothing funky happens accidentally to disable these measures.
When I talked about this on IRC, Yawning also mentioned this ruby script
which I haven't tried yet:
https://github.com/Myne-us/dllcharacteristics
scan system for characteristics of PE files. This will enable you to find
PEs with ASLR disabled, DEP disabled, and more
There is also pefile: http://code.google.com/p/pefile/
pefile is a multi-platform Python module to read and work with Portable
Executable (aka PE) files. Most of the information in the PE Header is
accessible, as well as all the sections, section's information and data.
As for the crashing: when was it happening? Did anything trigger it? So
far I have been unable to reproduce with my test bundle. If anyone wants
to test it, it's here: https://people.torproject.org/~erinn/qa/torbrowser-
install-3.0-rc-1_en-US-hardened.exe
e5dac7a49095a1422d82df05f67476119642c7488c8c02a7c452757fcdd769ba
I'm going to continue to tighten up the hardening options and try to
reproduce the crashing. I'll also test further with the Microsoft tools
mentioned above.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10065#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list